Hello All,
I was wondering if there is a way to have a user logon to the machine and
not have the computer policies applied to the machine if the user is part of
a certain group?
Say for example, I have defined a policy in computer configuration, disable
adding tasks to task scheduler, on an OU. All machines are located in the
OU. Domain admins do not have "read or apply group policy" rights to that
particular group policy. Authenticated users have "read or apply group
policy" rights.
Now, if a domain user logs on to the machiine, the computer policy is
applied to them, which is alright. But if a domain admin logs on, the
computer policy still applies.
I do understand that computer policy applies on the machine before msgina is
presented, but is there any way to condition it to revert the change when a
domain admin logs on?
Thanks in advance.
... you don't know what you've got 'till it's gone..
- Joni Mitchell
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
